Thanks David.
I passed your comments along to Paul

Eileen Barkow
CICS Systems Programmer
NYC Information Technology & Telecommunications
2 MTC 2 FL
Brooklyn,NY,11201
718.403.8649
917.436 0508

-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of David Spiegel
Sent: Tuesday, December 21, 2021 9:02 AM
To: [email protected]
Subject: [EXTERNAL] Re: article about ransomeware and mainframe

Hi Eileen,
I read the article and there seems to be more than one elementary mistake:

"... IBM's modern mainframe series started with the 360 up to its current z/OS series ..."
360 is software is hardware, z/OS is software

"... Mainframes today do not actually run-on discretionary access control; rather, they run on a mezzanine level of control called role-based access control <https://resources.infosecinstitute.com/certification/access-control-models-and-methods> ..."
This statement is true ONLY IF individual USERIds are not given access to any resource. It is not default behaviour.

"... IDs run with a UNIX/Linux SUID of 0. ..."
Maybe "UID" instead?

"... PC or a Mac that can run TN3270-emulation software. ..."
Linux (not mentioned) is more likely to be used than Mac

"... All vendor-supplied and IBM software must be audited for SUID = 0 ..."
Again, UID, not, SUID

"...The authorized program facility (APF) library must be monitored for all access because programs running from this library can change a normal ID to a privileged ID. ..."
This library?! APF Lists can be hundreds of Datasets.

Regards,
David

On 2021-12-21 08:36, Barkow, Eileen wrote:
> This article was written by Paul Renda, who is one of our colleagues in the
> RACF security group.
>
> https://www.realcleardefense.com/

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
